<?php
/*
 * Copyright 2009 Eat Local Food, LLC
 * Copyright (c) 2007 osCommerce (this file was written after
 * code review of osCommerce).
 *
 * This file is part of gwtCommerce.
 *
 * gwtCommerce is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 2 of the License, or
 * (at your option) any later version.
 *
 * gwtCommerce is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with gwtCommerce.  If not, see <http://www.gnu.org/licenses/>.
 */

defined('IN_ADMIN_COMPONENT_CONTROLLER') or die();

require_once('includes/functions/configuration_functions.php');

class AccountsAdministrationComponent
{
	function AccountsAdministrationComponent()
	{
	}

	function action(&$params, $action)
	{
		if ($action == 'Update') 
			return $this->edit($params);
		else if ($action == 'ToggleWholesale') 
			return $this->toggleWholesale($params);
		else
			return $this->query($params);
	}

	function query(&$params)
	{
		$handle = get_class($this);
		$value{$handle . 'MetaData'}{'store_url'}= HTTPS_SERVER . 'index.php#AccountComponent--ViewAccount';

		$paginate = (boolean)$params['paginate'];
		$max_rows = (int)$params['max_rows'];
		$offset = (int)$params['offset'];

		$keywords = prepare_input($params['keywords']);
		if ($keywords != null && strlen($keywords) > 0 && !parse_search_string($keywords, $search_keywords))
		{
			//TBD add error to metadata
		}

		$where = '';
		if (isset($search_keywords) && (sizeof($search_keywords) > 0))
		{
			$where .= '(';
			for ($i=0, $n=sizeof($search_keywords); $i<$n; $i++ )
			{
				switch ($search_keywords[$i]) {
					case '(':
					case ')':
					case 'and':
					case 'or':
						$where .= ' ' . mysql_real_escape_string(prepare_input($search_keywords[$i])) . ' ';
						break;
					default:
						$keyword = mysql_real_escape_string(prepare_input($search_keywords[$i]));
						$where .= '(c.customers_lastname like \'%' . $keyword . '%\' ' .
						'or c.customers_firstname like \'%' . $keyword . '%\' ' .
						'or c.customers_email_address like \'%' . $keyword . '%\'';
						$where .= ')';
						break;
				}
			}
			$where .= ') ';
		}

		$sqlQuery = 'select c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address, ' .
		'customers_telephone, customers_fax, customers_isWholesale, c.customers_isLogin, ' .
		"DATE_FORMAT(ci.customers_info_date_account_created, '%Y-%m-%d %H:%i:%s') as date_created, " .
		"DATE_FORMAT(ci.customers_info_date_account_last_modified, '%Y-%m-%d %H:%i:%s') as date_modified, " .
		"DATE_FORMAT(ci.customers_info_date_of_last_logon, '%Y-%m-%d %H:%i:%s') as last_login, " .
		'ci.customers_info_number_of_logons,  '. 'count(ljr.reviews_id) as count_reviews_id, cn.countries_name ' .
		'from ' . TABLE_COUNTRIES . ' cn,  ' . TABLE_CUSTOMERS_INFO . ' ci, ' . TABLE_ADDRESS_BOOK . ' a, ' . TABLE_CUSTOMERS . ' c ' .
		'left join ' . TABLE_REVIEWS . ' ljr on (c.customers_id = ljr.customers_id) ' .
		'where c.customers_id=ci.customers_info_id and c.customers_default_address_id=a.address_book_id ' .
		'and a.entry_country_id=cn.countries_id ';
		if (strlen($where) > 0) $sqlQuery .= ' and ' . $where . ' ';
		$sqlQuery .= 'group by c.customers_id ' .
		'order by c.customers_lastname, c.customers_firstname, c.customers_id';

		if ($paginate) {
			$sqlQuery .= ' limit ' . $offset . ', ' . $max_rows;
		}
		$dataReturned = mysql_query($sqlQuery) or die(mysql_error());
		$i = 0;
		while($row = mysql_fetch_array($dataReturned))
		{
			$value{$handle}{$i}{'id'}= (int)$row['customers_id'];
			$value{$handle}{$i}{'firstname'}= $row['customers_firstname'];
			$value{$handle}{$i}{'lastname'}= $row['customers_lastname'];
			$value{$handle}{$i}{'email'}= $row['customers_email_address'];
			$value{$handle}{$i}{'telephone'}= $row['customers_telephone'];
			$value{$handle}{$i}{'fax'}= $row['customers_fax'];
			$value{$handle}{$i}{'wholesale'}= (boolean)$row['customers_isWholesale'];
			$value{$handle}{$i}{'isLogin'}= (boolean)$row['customers_isLogin'];
			$value{$handle}{$i}{'date_created'}= $row['date_created'];
			$value{$handle}{$i}{'date_modified'}= $row['date_modified'];
			$value{$handle}{$i}{'last_login'}= $row['last_login'];
			$value{$handle}{$i}{'number_of_logins'}= (int)$row['customers_info_number_of_logons'];
			$value{$handle}{$i}{'number_of_reviews'}= (int)$row['count_reviews_id'];
			$value{$handle}{$i}{'countries_name'}= $row['countries_name'];
			
			$i++;
		}

		if ($paginate) {
			$sqlQuery = 'select count(c.customers_id) as cnt from ' . TABLE_CUSTOMERS . ' c ';
			if (strlen($where) > 0) $sqlQuery .= 'where ' . $where;
			$dataReturned = mysql_query($sqlQuery) or die(mysql_error());
			$cnt = 0;
			while($row = mysql_fetch_array($dataReturned))
			{
				$cnt = (int)$row['cnt'];
			}

			$value{$handle . 'MetaData'}{'max_rows'}= (int)$max_rows;
			$value{$handle . 'MetaData'}{'offset'}= $offset;
			$value{$handle . 'MetaData'}{'page_links_max'} = (int)MAX_DISPLAY_PAGE_LINKS;
			$value{$handle . 'MetaData'}{'rows'}= $i;
			$value{$handle . 'MetaData'}{'total_rows'}= $cnt;
		}
		
		return $value;
	}

	function edit(&$params) 
	{
		$i = 0;
		while (true)
		{
			$i++;
			if ($i > 1000) break;

			$accountId = (int)$params['accountAdministrationId-'.$i];
			if ($accountId == 0) break;

			$firstname = prepare_input($params['accountAdministrationFirstname-'.$i]);
			if ($firstname == null || strlen($firstname) == 0) continue;

			$lastname = prepare_input($params['accountAdministrationLastname-'.$i]);
			if ($lastname == null || strlen($lastname) == 0) continue;

			$emailAddress = prepare_input($params['accountAdministrationEmail-'.$i]);
			if ($emailAddress == null || strlen($emailAddress) == 0) continue;

			$telephone = prepare_input($params['accountAdministrationPhone-'.$i]);

			$fax = prepare_input($params['accountAdministrationFax-'.$i]);

			$wholesale = (int)$params['accountAdministrationWholesale-'.$i];

			$deleteRow = (boolean)$params['accountAdministrationDelete-'.$i];

			if ($deleteRow) {
				if ($accountId < 1) continue;
				$sql = 'delete from ' . TABLE_ADDRESS_BOOK . ' where customers_id=' . $accountId;
				mysql_query($sql) or die(mysql_error());
				$sql = 'delete from ' . TABLE_CUSTOMERS_BASKET . ' where customers_id=' . $accountId;
				mysql_query($sql) or die(mysql_error());
				$sql = 'delete from ' . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . ' where customers_id=' . $accountId;
				mysql_query($sql) or die(mysql_error());
				$sql = 'delete from ' . TABLE_CUSTOMERS_INFO . ' where customers_info_id=' . $accountId;
				mysql_query($sql) or die(mysql_error());
				$sql = 'delete from ' . TABLE_ROLES_TO_CUSTOMERS . ' where customers_id=' . $accountId;
				mysql_query($sql) or die(mysql_error());
				$sql = 'delete from ' . TABLE_CUSTOMERS . ' where customers_id=' . $accountId;
				mysql_query($sql) or die(mysql_error());
			}
			else {
				$sql_data_array = array();
				$sqlAction = 'insert';
				$where = '';
				if ($accountId > 0) {
					$sqlAction = 'update';
					$where = 'customers_id=' . $accountId;
				}

				$sql_data_array['customers_firstname'] = $firstname;
				$sql_data_array['customers_lastname'] = $lastname;
				$sql_data_array['customers_email_address'] = $emailAddress;
				$sql_data_array['customers_telephone'] = $telephone;
				$sql_data_array['customers_fax'] = $fax;
				db_perform(TABLE_CUSTOMERS, $sql_data_array, $sqlAction, $where);
			}
		}

		return $this->query($params);
	}

	function toggleWholesale(&$params) 
	{
		$accountId = (int)$params['accountAdministrationId'];
		$sqlQuery = 'select customers_isWholesale from ' . TABLE_CUSTOMERS . ' where customers_id=' . $accountId;
		$dataReturned = mysql_query($sqlQuery) or die(mysql_error());
		
		while($row = mysql_fetch_array($dataReturned))
		{
			$wholesale = (int)$row['customers_isWholesale'];
			if ($wholesale != 0) $wholesale = 0;
			else $wholesale = 1;
			$sql = 'update ' . TABLE_CUSTOMERS . ' set customers_isWholesale=' . $wholesale . ' where customers_id=' . $accountId;
			mysql_query($sql) or die(mysql_error());
			$sql = 'update ' . TABLE_CUSTOMERS_INFO . ' set customers_info_date_account_last_modified=now() where customers_info_id=' . $accountId;
			mysql_query($sql) or die(mysql_error());
			break;
		}
		return $this->query($params);
	}
}
?>
